<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Apache module mod_auth_anon.c</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#000080"
 ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_auth_anon</H1>

This module is contained in the <code>mod_auth_anon.c</code> file and
is not compiled in by default. It is only available in Apache 1.1 and
later. It allows "anonymous" user access to authenticated areas.

<h2>Summary</h2>

It does access control in a manner similar to anonymous-ftp sites; i.e.
have a 'magic' user id 'anonymous' and the email address as a password.
These email addresses can be logged.
<p>
Combined with other (database) access control methods, this allows for
effective user tracking and customization according to a user profile
while still keeping the site open for 'unregistered' users. One advantage
of using Auth-based user tracking is that, unlike magic-cookies and
funny URL pre/postfixes, it is completely browser independent and it
allows users to share URLs.
<p>

<a href="#Directives">Directives</a> /
<a href="#Example">Example</a> /
<a href="#CompileTimeOptions">Compile time options</a> /
<a href="#RevisionHistory">RevisionHistory</a> /
<a href="#Person">Person to blame</a> /
<a href="#Sourcecode">Sourcecode</a>
<p>

<h2><a name="Directives">Directives</a></h2>
<ul>
<li><A HREF="#anonymous">Anonymous</A>
<li><A HREF="#Authoritative">Anonymous_Authoritative</A>
<li><A HREF="#LogEmail">Anonymous_LogEmail</A>
<li><A HREF="#MustGiveEmail">Anonymous_MustGiveEmail</A>
<li><A HREF="#NoUserID">Anonymous_NoUserID</A>
<li><A HREF="#VerifyEmail">Anonymous_VerifyEmail</A>
</ul>

<hr>

<A name="anonymous"><h2>Anonymous</h2></a>
<!--%plaintext &lt;?INDEX {\tt Anonymous} directive&gt; -->
<strong>Syntax:</strong> Anonymous <em>user user ...</em><br>
<strong>Default:</strong> none<br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>

        A list of one or more 'magic' userIDs which are allowed access
        without password verification. The userIDs are space separated.
        It is possible to use the ' and " quotes to allow a space in
        a userID as well as the \ escape character.
        <p>
        Please note that the comparison is <b>case-IN-sensitive</b>.
        <br>
        I strongly suggest that the magic username '<code>anonymous</code>'
        is always one of the allowed userIDs.
        <p>
        Example:<br>
        <code>
        Anonymous: anonymous "Not Registered" 'I don\'t know'
        </code><p>
        This would allow the user to enter without password verification
        by using the userId's 'anonymous', 'AnonyMous','Not Registered' and
        'I Don't Know'.
<HR>

<A name="Authoritative"><h2>Anonymous_Authoritative</h2></A>
<strong>Syntax:</strong> Anonymous_Authoritative <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_Authoritative off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>

        When set 'on', there is no
        fall-through to other authorization methods. So if a
        userID does not match the values specified in the
        <code>Anonymous</code> directive, access is denied.
        <p>
        Be sure you know what you are doing when you decide to switch 
        it on. And remember that it is the linking order of the modules
        (in the Configuration / Make file) which details the order
        in which the Authorization modules are queried.
<hr>

<A name="LogEmail"><h2>Anonymous_LogEmail</h2></A>
<strong>Syntax:</strong> Anonymous_LogEmail <em>on | off</em><br>
<strong>Default:</strong> <code>off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>

        When set 'on', the default, the 'password' entered (which hopefully
        contains a sensible email address) is logged in the httpd-log file.
<hr>

<A name="MustGiveEmail"><h2>Anonymous_MustGiveEmail</h2></a>
<!--%plaintext &lt;?INDEX {\tt Anonymous_MustGiveEmail} directive&gt; -->
<strong>Syntax:</strong> Anonymous_MustGiveEmail <em>on</em> | <em>off</em><br>
<strong>Default:</strong> off<br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>

        Specifies whether the user must specify an email
        address as the password.  This prohibits blank passwords.
<HR>

<A name="NoUserID"><h2>Anonymous_NoUserID</h2></A>
<strong>Syntax:</strong> Anonymous_NoUserID <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_NoUserID off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>

        When set 'on', users can leave
        the userID (and perhaps the password field) empty. This
        can be very convenient for MS-Explorer users who can
        just hit return or click directly on the OK button; which
        seems a natural reaction.

<hr>

<A name="VerifyEmail"><h2>Anonymous_VerifyEmail</h2></A>
<strong>Syntax:</strong> Anonymous <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_VerifyEmail off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>

        When set 'on' the 'password' entered is
        checked for at least one '@' and a '.' to encourage users to enter
        valid email addresses (see the above <code>Auth_LogEmail</code>).

<hr><a name="Example"><h2>Example</h2></a>

The example below (when combined with the Auth directives
of a htpasswd-file based (or GDM, mSQL etc) base access
control system allows users in as 'guests' with the
following properties:
<ul>
<li>
It insists that the user enters a userId. (<code>Anonymous_NoUserId</code>)
<li>
It insists that the user enters a password. (<code>Anonymous_MustGiveEmail</code>)
<li>
The password entered must be a valid email address, ie. contain at least one '@' and a '.'.
(<code>Anonymous_VerifyEmail</code>)
<li>
The userID must be one of <code>anonymous guest www test welcome</code>
and comparison is <b>not</b> case sensitive.
<code>&lt;directory /web/docs/public&gt;</code>
<li>
And the Email addresses entered in the passswd field are logged to
the httpd-log file
(<code>Anonymous_LogEmail</code>)
</ul>
<p>
Excerpt of access.conf:
<dl>
<dt><code>
Anonymous        anonymous guest www test welcome<p>
Anonymous_MustGiveEmail on<br>
Anonymous_VerifyEmail    on<br>
Anonymous_NoUserId      off<br>
Anonymous_LogEmail      on<br>
<p>
AuthName                Use 'anonymous' & Email address for guest entry<br>
AuthType                basic<p>

</code></dt>
<dd>
                Normal Apache/NCSA tokens for access control
                <p>
                <code>&lt;limit get post head&gt</code><br>
                <code>order deny,allow          </code><br>
                <code>allow from all            </code><br>
                <p>
                <code>require valid-user        </code><br>
                <code>&lt;limit&gt              </code><br>
</dd>
</dl>


<hr><h2><a name="CompileTimeOptions">Compile Time Options</a></h2>

Currently there are no Compile options.

<hr><h2><a name="RevisionHistory">Revision History</a></h2>

This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996.

<dl>

<dt>Version 0.4<br></dt>
    <dd>First release
    </dd>
<dt>Version 0.5<br></dt>
    <dd>Added 'VerifyEmail' and 'LogEmail' options. Multiple
        'anonymous' tokens allowed. more docs. Added Authoritative
        functionality.
    </dd>
</dl>


<hr><h2><a name="Person">Contact/person to blame</a></h2>

This module was written for the
<a href="http://ewse.ceo.org">European Wide Service Exchange</a> by
&lt<a href="mailto:Dirk.vanGulik@jrc.it"><code>Dirk.vanGulik@jrc.it</code></a>&gt.
Feel free to contact me if you have any problems, ice-creams or bugs. This
documentation, courtesy of Nick Himba, <a href="mailto:himba@cs.utwente.nl">
<code>&lt;himba@cs.utwente.nl&gt;</code></a>.
<p>


<hr><h2><a NAME="Sourcecode">Sourcecode</a></h2>

The source code can be found at <a href="http://www.apache.org"><code>
http://www.apache.org</code></a>. A snapshot of a development version
usually resides at <a href="http://me-www.jrc.it/~dirkx/mod_auth_anon.c"><code>
http://me-www.jrc.it/~dirkx/mod_auth_anon.c</code></a>. Please make sure
that you always quote the version you use when filing a bug report.
<p>

<!--#include virtual="footer.html" -->
</body>
</html>

